Inferred Discovery of a Data Communications Device

ABSTRACT

Methods, apparatus, and products for inferred discovery of a data communications device connected to a router, unreachable by a management module, and characterized by a device address are disclosed that include querying, by the management module, the router for connection data and identifying, by the management module in dependence upon the connection data, the device address.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The field of the invention is data processing, or, more specifically, methods, apparatus, and products for inferred discovery of a data communications device.

2. Description of Related Art

The development of the EDVAC computer system of 1948 is often cited as the beginning of the computer era. Since that time, computer systems have evolved into extremely complicated devices. Today's computers are much more sophisticated than early systems such as the EDVAC. Computer systems typically include a combination of hardware and software components, application programs, operating systems, processors, buses, memory, input/output devices, and so on. As advances in semiconductor processing and computer architecture push the performance of the computer higher and higher, more sophisticated computer software has evolved to take advantage of the higher performance of the hardware, resulting in computer systems today that are much more powerful than just a few years ago.

One of the areas in which progress has been made is in inferred discovery of a data communications device. In multiprotocol label switching, layer 3, virtual private networks (‘L3VPN’), a data communications device, such as a customer edge router, is only reachable from a management module for the purpose of discovery if that management module and the customer edge router are members of the same VPN. Because it is inefficient to create a new management module for each VPN that is managed by a single entity, management modules are often members of multiple VPNs. A management module that is a member of multiple VPNs is a security risk. Another problem created by having a management module be a member of multiple VPNs is that customer edge routers in different VPNs may use the same IP address. A management module that is a member of multiple VPNs may encounter difficulty in distinguishing between data communications from two customer edge routers having the same IP address.

In addition to customer edge routers in L3VPNs, other data communications devices are unreachable by a management module, such as External Border Gateway Protocol (‘EBGP’) speakers in networks belonging to other providers. An EBGP speaker exchanges routing information between autonomous systems. An autonomous system is a collection of Internet Protocol networks and routers, typically under the control of a single entity, that presents a common routing policy to the internet. Attempts to discover an EBGP speaker outside of the autonomous system managed by the management module, by Internet Control Message Protocol (‘ICMP’) echo requests, for example, may be viewed by the owner of the EBGP speaker as a hostile act or a denial of service attack.

SUMMARY OF THE INVENTION

Methods, apparatus, and products for inferred discovery of a data communications device connected to a router, unreachable by a management module, and characterized by a device address are disclosed that include querying, by the management module, the router for connection data and identifying, by the management module in dependence upon the connection data, the device address.

The foregoing and other objects, features and advantages of the invention will be apparent from the following more particular descriptions of exemplary embodiments of the invention as illustrated in the accompanying drawings wherein like reference numbers generally represent like parts of exemplary embodiments of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 sets forth a network diagram of a system for inferred discovery of a data communications device according to embodiments of the present invention.

FIG. 2 sets forth a block diagram of automated computing machinery comprising an exemplary computer useful in inferred discovery of a data communications device according to embodiments of the present invention.

FIG. 3 sets forth a flow chart illustrating an exemplary method for inferred discovery of a data communications device according to embodiments of the present invention.

FIG. 4 sets forth a flow chart illustrating a further exemplary method for inferred discovery of a data communications device according to embodiments of the present invention.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Exemplary methods, apparatus, and products for inferred discovery of a data communications device in accordance with the present invention are described with reference to the accompanying drawings, beginning with FIG. 1. FIG. 1 sets forth a network diagram of a system for inferred discovery of a data communications device according to embodiments of the present invention. The system of FIG. 1 includes data communications devices (106, 108, 116). Each data communications device is connected to a router (102, 104, 114) and each data communications device is characterized by a device address (306). A device address is an address that can be used by a management module to identify and monitor a data communications device, such as, for example, an IP address. Data communications devices capable of inferred discovery in accordance with embodiments of the present invention may be implemented as any device capable of data communications with a router, such as, for example, another router. In the system of FIG. 1, each data communications device (106, 108, and 116) is unreachable by a management module.

The data communications devices (106, 108) are part of a virtual private network (‘VPN’) (110) connected to network (101). A VPN is a private communications network used to communicate confidentially over a public network. Each data communications device (106, 108) may be implemented as a customer edge router. A customer edge router is the router located at a customer site that is connected to a provider's core network. Each router (102, 104) connected to the data communications devices may be implemented as a provider edge router. A provider edge router is a router located in the core of the provider network that connects to a provider edge router.

The data communications device (116) is part of an autonomous system (105). An autonomous system is a collection of Internet Protocol networks and routers, typically under the control of a single entity, that presents a common routing policy to the internet. Autonomous systems may exchange routing information between one another through the use of the external border gateway protocol (‘EBGP’). Routers that exchange such routing information between autonomous systems are EBGP speakers. The data communications device (116) and the router (114) in the system of FIG. 1 may be implemented as EBGP speakers.

The system of FIG. 1 also includes management modules (307, 309) that implement inferred discovery of a data communications device in accordance with embodiments of the present invention. Management module (307) is part of the provider network (101). Management module (307) may be configured to manage any devices within the provider network (101). Management module (309) is located within autonomous system (103). Management module (309) may be configured to manage the network connectivity of any device within the autonomous system (103). Each management module (307, 309) implements inferred discovery of a data communications device by querying a router (102, 114) for connection data (312) and identifying, in dependence upon the connection data (312), the device address. Connection data may be implemented as a forwarding table that includes an interface address of an interface of a router or as a management information base containing information describing devices in an autonomous system that is not managed by the management module.

The arrangement of routers, management modules, and other data communications devices making up the exemplary system illustrated in FIG. 1 are for explanation, not for limitation. Data processing systems useful according to various embodiments of the present invention may include additional servers, routers, other devices, and peer-to-peer architectures, not shown in FIG. 1, as will occur to those of skill in the art. Networks in such data processing systems may support many data communications protocols, including for example TCP (Transmission Control Protocol), IP (Internet Protocol), HTTP (HyperText Transfer Protocol), WAP (Wireless Access Protocol), HDTP (Handheld Device Transport Protocol), and others as will occur to those of skill in the art. Various embodiments of the present invention may be implemented on a variety of hardware platforms in addition to those illustrated in FIG. 1.

Inferred discovery of a data communications device in accordance with the present invention is generally implemented with computers, that is, with automated computing machinery. In the system of FIG. 1, for example, the management module is implemented to some extent as a computer. For further explanation, therefore, FIG. 2 sets forth a block diagram of automated computing machinery comprising an exemplary computer (152) useful in inferred discovery of a data communications device according to embodiments of the present invention. The computer (152) of FIG. 2 includes at least one computer processor (156) or ‘CPU’ as well as random access memory (168) (‘RAM’) which is connected through a system bus (160) to processor (156) and to other components of the computer.

Stored in RAM (168) is a management module (308), a module of computer program instructions for inferred discovery of a data communications device according to embodiments of the present invention. The data communications device (304) of FIG. 2 is connected to the router (302), is characterized by a device address (306), and is unreachable by the management module (308). The exemplary management module (308) of FIG. 2 queries the router (302) for connection data (312). The management module (308) also identifies, in dependence upon the connection data (312), the device address (306).

Also stored in RAM (168) is an operating system (154). Operating systems useful in computers according to embodiments of the present invention include UNIX™, Linux™, Microsoft Vista™, Microsoft XP™, AIX™, IBM's i5/OS™, and others as will occur to those of skill in the art. Operating system (154), management module (308), connection data (312), and device address (306) in the example of FIG. 2 are shown in RAM (168), but many components of such software typically are stored in non-volatile memory also, for example, on a disk drive (170).

The computer (152) of FIG. 2 includes a bus adapter (158), a computer hardware component that contains drive electronics for the high speed buses, the front side bus (162), the video bus (164), and the memory bus (166), as well as drive electronics for the slower expansion bus (160). Examples of bus adapters useful for inferred discovery of a data communications device according to embodiments of the present invention include the Intel Northbridge, the Intel Memory Controller Hub, the Intel Southbridge, and the Intel I/O Controller Hub. Examples of expansion buses useful for inferred discovery of a data communications device according to embodiments of the present invention include Industry Standard Architecture (‘ISA’) buses and Peripheral Component Interconnect (‘PCI’) buses.

The computer (152) of FIG. 2 includes disk drive adapter (172) coupled through expansion bus (160) and bus adapter (158) to processor (156) and other components of the computer (152). Disk drive adapter (172) connects non-volatile data storage to the computer (152) in the form of disk drive (170). Disk drive adapters useful in computers include Integrated Drive Electronics (‘IDE’) adapters, Small Computer System Interface (‘SCSI’) adapters, and others as will occur to those of skill in the art. In addition, non-volatile computer memory may be implemented for a computer as an optical disk drive, electrically erasable programmable read-only memory (so-called ‘EEPROM’ or ‘Flash’ memory), RAM drives, and so on, as will occur to those of skill in the art.

The example computer (152) of FIG. 2 includes one or more input/output (‘I/O’) adapters (178). I/O adapters in computers implement user-oriented input/output through, for example, software drivers and computer hardware for controlling output to display devices such as computer display screens, as well as user input from user input devices (181) such as keyboards and mice. The example computer (152) of FIG. 2 includes a video adapter (209), which is an example of an I/O adapter specially designed for graphic output to a display device (180) such as a display screen or computer monitor. Video adapter (209) is connected to processor (156) through a high speed video bus (164), bus adapter (158), and the front side bus (162), which is also a high speed bus.

The exemplary computer (152) of FIG. 2 includes a communications adapter (167) for data communications with other computers (182) and for data communications with a data communications network (100). Such data communications may be carried out serially through RS-232 connections, through external buses such as a Universal Serial Bus (‘USB’), through data communications networks such as IP data communications networks, and in other ways as will occur to those of skill in the art. Communications adapters implement the hardware level of data communications through which one computer sends data communications to another computer, directly or through a data communications network. Examples of communications adapters useful for inferred discovery of a data communications device according to embodiments of the present invention include modems for wired dial-up communications, Ethernet (IEEE 802.3) adapters for wired data communications network communications, and 802.11 adapters for wireless data communications network communications.

For further explanation, FIG. 3 sets forth a flow chart illustrating an exemplary method for inferred discovery of a data communications device according to embodiments of the present invention. In the method of FIG. 3, the data communications device (304) is connected to a router (302) and is characterized by a device address (306). Data communications devices capable of inferred discovery may be implemented as any device capable of data communications with router (302), such as, for example, another router. In the method of FIG. 3, the data communications device (304) is unreachable by a management module (308).

In the method of FIG. 3, the router (302) includes a forwarding table (320). The forwarding table (320) is an instance of virtual routing and forwarding (‘VRF’). A VRF instance includes information describing the topology of a network. The router (302) uses the forwarding table (320) to forward data communications packets by matching a destination address to the network paths used to reach the destination address. In multiprotocol label switching, layer 3, virtual private networks (‘L3VPN’), for example, the router (302) supports multiple forwarding tables. Each forwarding table is associated with a single VPN.

In the method of FIG. 3, the router (302) is characterized by an interface (316) associated with the forwarding table. An interface is a connection point between a data communications device and a router. Examples of interfaces include Ethernet, Fast Ethernet, Gigabit Ethernet, optical fiber, and others as will occur to those of skill in the art. The interface (316) in FIG. 3 is characterized by an interface address (318) having a /30 subnet mask. An interface address may be implemented as a logical address, such as an internet protocol (‘IP’) address. An IP address has two components, the network address and the host address. A subnet mask is a mask used to determine the subnet, the network address, to which an IP address belongs. A subnet mask consists of a series of 1s in binary followed by a series of 0s. The 1s designate the part of the IP address that is the host address, and the 0s designate the part of the IP address that is the network address. The subnet mask is used in conjunction with the IP address to determine which part of the IP address is the network address and which part is the host address. A subnet mask may be expressed in various ways such as, for example, in dot-decimal form, binary, or classless inter-domain routing (‘CIDR’) notation. A /30 subnet mask is the CIDR notation equivalent to 255.255.255.252, in dot-decimal form, or 11111111.11111111.11111111.11111100, in binary. Each subnet includes two IP addresses that are reserved, the network identification address and the broadcast address. In a subnet having a /30 subnet mask, there are four host addresses, with two addresses being reserved, leaving only two available host addresses. The reserved addresses, in binary, end in 11 and 00, and the available addresses end in 10 and 01.

The method of FIG. 3 includes querying (310), by the management module (308), the router (302) for connection data (312). In the method of FIG. 3, querying (310) the router (302) for connection data (312) is carried out by retrieving (322), by the management module (308) from the router (302), the interface address (318) as part of the connection data (318). The management module (308) may retrieve the interface address (318) by retrieving the interface address from a memory location, that is, the management module may be configured with the interface address. Other ways of retrieving the interface address may include pinging the router for the interface address, running a traceroute on the router, or other ways as will occur to those of skill in the art.

The method of FIG. 3 also includes identifying (314), by the management module (308) in dependence upon the connection data (322), the device address (306). In the method of FIG. 3, identifying (314) the device address (306) is carried out by determining (324), by the management module (308) in dependence upon the interface address (318), the device address (306). As explained above, in a /30 subnet, only two host addresses are available. The management module (308) may determine the device address (306) by inverting the last two bits of the binary interface address. If the last two bits of the interface address, in binary, are 10, then the device address ends in 01. Consider as an example, the interface address 192.168.1.2 having a /30 subnet mask. The reserved network identification address is 192.168.1.0, and the reserved broadcast address is 192.168.1.3. The interface address 192.168.1.2 in binary ends in 10. Inverting the last two bits of the interface address results in a device address ending 01. That is, the device address for a /30 subnet, with an interface address of 192.168.1.2, is 192.168.1.1. The management module (308) may also determine the device address by finding in a lookup table, the only address that is unknown, that is, eliminating the three known addresses, the broadcast address, the network identification address, and the interface address. Readers of skill in the art will immediately recognize other ways of determining device address in accordance with embodiments of the present invention.

The method of FIG. 3 also includes creating (326), in a network model (328) by the management module (308), a representation (305) of the data communications device (304). A network model is a representation of network topology. Network models useful for inferred discovery of data communications devices may be used to collect and distribute data communications and build and maintain knowledge about physical and logical network connectivity. The management module (308) may create, in the network model, a representation of the data communications device by defining in the network model the device address and a connection between the data communications device and the interface.

The method of FIG. 3 also includes monitoring (330), by the management module (308), the data communications device (304). The management module may monitor the data communication device by, for example, using the network model to collect and distribute data communications between the router and the data communications device, and other ways as will occur to those of skill in the art.
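The querying, identifying and model-creation steps of FIG. 3 can be sketched as follows. This is an added example, not code from the specification: the connection data entries, router and VRF names, and function names are constructed for illustration, and the /31 branch generalizes beyond the /30 case in the text. Keying the model by VRF as well as address keeps two customer edge routers with the same IP address in different VPNs distinct.

```python
import ipaddress

# Constructed connection data (not from the specification): one entry per
# VRF-attached interface, as a management module might retrieve it from a
# provider edge router. All names and addresses are hypothetical.
SAMPLE_CONNECTION_DATA = [
    {"router": "pe1", "vrf": "cust-a", "interface": "ge-0/0/1", "address": "192.168.1.2/30"},
    {"router": "pe1", "vrf": "cust-b", "interface": "ge-0/0/2", "address": "192.168.1.2/30"},
    {"router": "pe1", "vrf": "cust-c", "interface": "ge-0/0/3", "address": "10.0.0.4/31"},
    {"router": "pe1", "vrf": "cust-d", "interface": "ge-0/0/4", "address": "10.1.0.1/24"},
    {"router": "pe1", "vrf": "cust-e", "interface": "ge-0/0/5", "address": "10.2.0.3/30"},
]


def infer_peer_by_inversion(cidr):
    """Derive the device address on a point-to-point link by bit inversion."""
    iface = ipaddress.IPv4Interface(cidr)
    prefixlen = iface.network.prefixlen
    host_bits = int(iface.ip) & int(iface.network.hostmask)
    if prefixlen == 30:
        # Host bits 00 (network identification) and 11 (broadcast) are
        # reserved; an interface carrying one of them yields no valid peer.
        if host_bits in (0b00, 0b11):
            raise ValueError(f"{cidr}: interface uses a reserved /30 address")
        return ipaddress.IPv4Address(int(iface.ip) ^ 0b11)
    if prefixlen == 31:
        # Generalization beyond the text: an RFC 3021 /31 link has no
        # reserved addresses, so the peer differs only in the last bit.
        return ipaddress.IPv4Address(int(iface.ip) ^ 0b1)
    # Wider subnets hold more than one candidate, so nothing can be inferred.
    raise ValueError(f"{cidr}: peer cannot be inferred for a /{prefixlen}")


def infer_peer_by_elimination(cidr):
    """Alternative from the text: remove the three known /30 addresses."""
    iface = ipaddress.IPv4Interface(cidr)
    net = iface.network
    if net.prefixlen != 30:
        raise ValueError(f"{cidr}: elimination is only defined here for /30")
    known = {net.network_address, net.broadcast_address, iface.ip}
    unknown = [addr for addr in net if addr not in known]
    if len(unknown) != 1:
        raise ValueError(f"{cidr}: interface uses a reserved /30 address")
    return unknown[0]


def build_network_model(connection_data):
    """Create one representation per inferred device, keyed by (vrf, address).

    Returns (model, skipped); skipped lists entries with no inferable peer.
    """
    model, skipped = {}, []
    for entry in connection_data:
        try:
            peer = infer_peer_by_inversion(entry["address"])
        except ValueError as exc:
            skipped.append((entry["vrf"], entry["interface"], str(exc)))
            continue
        # The VRF is part of the key: the same device address may legitimately
        # appear in several VPNs and must not collapse into one record.
        model[(entry["vrf"], str(peer))] = {
            "router": entry["router"],
            "interface": entry["interface"],
            "local_address": entry["address"],
        }
    return model, skipped


if __name__ == "__main__":
    model, skipped = build_network_model(SAMPLE_CONNECTION_DATA)
    for (vrf, addr), link in sorted(model.items()):
        print(f"{vrf}: device {addr} via {link['router']} {link['interface']}")
    for vrf, interface, reason in skipped:
        print(f"skipped {vrf} {interface}: {reason}")
```
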

For further explanation, FIG. 4 sets forth a flow chart illustrating a further exemplary method for inferred discovery of a data communications device according to embodiments of the present invention. The method of FIG. 4 is similar to the method of FIG. 3 including as it does the management module's (308) querying (310) the router (302) for connection data (312) and the management module's (308) identifying (314) the device address (306). In the method of FIG. 4, however, the router (302) is part of an autonomous system (404) that is managed by the management module (308) and the data communications device (304) is part of an autonomous system (402) that is not managed by the management module (302). An autonomous system is a collection of Internet Protocol networks and routers, typically under the control of a single entity, that presents a common routing policy to the internet. Autonomous systems may exchange routing information between one another through the use of the external border gateway protocol (‘EBGP’). Routers that exchange such routing information between autonomous systems are EBGP speakers. Data communications devices and the routers useful in inferred discovery of a data communications device may be implemented as EBGP speakers.

In the method of FIG. 4, the exemplary router also includes a management information base (406) that includes information (408) describing devices in the autonomous system (402) that is not managed by the management module. A management information base (‘MIB’) is a collection of managed objects residing in a virtual information store. Information (408) describing devices in the autonomous system (402) that is not managed by the management module may include the device address (406) as well as other information as will occur to those of skill in the art. In the method of FIG. 4, querying (310) the router (302) for connection data (312) is carried out by retrieving (410), by the management module (308) from the management information base (406) as part of the connection data (312), information (408) describing devices in the autonomous system that is not managed by the management module.

Exemplary embodiments of the present invention are described largely in the context of a fully functional computer system for inferred discovery of a data communications device. Readers of skill in the art will recognize, however, that the present invention also may be embodied in a computer program product disposed on signal bearing media for use with any suitable data processing system. Such signal bearing media may be transmission media or recordable media for machine-readable information, including magnetic media, optical media, or other suitable media. Examples of recordable media include magnetic disks in hard drives or diskettes, compact disks for optical drives, magnetic tape, and others as will occur to those of skill in the art. Examples of transmission media include telephone networks for voice communications and digital data communications networks such as, for example, Ethernets™ and networks that communicate with the Internet Protocol and the World Wide Web as well as wireless transmission media such as, for example, networks implemented according to the IEEE 802.11 family of specifications. Persons skilled in the art will immediately recognize that any computer system having suitable programming means will be capable of executing the steps of the method of the invention as embodied in a program product. Persons skilled in the art will recognize immediately that, although some of the exemplary embodiments described in this specification are oriented to software installed and executing on computer hardware, nevertheless, alternative embodiments implemented as firmware or as hardware are well within the scope of the present invention.

It will be understood from the foregoing description that modifications and changes may be made in various embodiments of the present invention without departing from its true spirit. The descriptions in this specification are for purposes of illustration only and are not to be construed in a limiting sense. The scope of the present invention is limited only by the language of the following claims.

1. A method of inferred discovery of a data communications device connected to a router, unreachable by a management module, and characterized by a device address, the method comprising: querying, by the management module, the router for connection data, wherein the connection data comprises an interface address of an interface of the router; generating, by the management module in dependence upon the connection data, the device address at least by performing an operation on the interface address to generate the device address from the interface address; and monitoring, by the management module, the data communications device based upon the device address.

2. The method of claim 1 wherein: the router comprises a forwarding table and the interface is associated with the forwarding table; the interface address is characterized by a /30 subnet mask.

3. The method of claim 2 wherein the router is a provider edge router and the data communications device is a customer edge router.

4. The method of claim 1 wherein the router is part of an autonomous system that is managed by the management module, the data communications device is part of an autonomous system that is not managed by the management module, the router further comprises a management information base that includes information describing devices in the autonomous system that is not managed by the management module.

5. The method of claim 4 wherein the router is an EBGP speaker and the data communications device is an EBGP speaker.

6. The method of claim 1, wherein monitoring the data communications device further comprises: creating, in a network model by the management module, a representation of the data communications device; and monitoring, by the management module, the data communications device based on the network model.

7. Apparatus for inferred discovery of a data communications device connected to a router, unreachable by a management module, and characterized by a device address, the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that, when executed by the apparatus, cause the apparatus to: query, by the management module, the router for connection data, wherein the connection data comprises an interface address of an interface of the router; generate, by the management module in dependence upon the connection data, the device address at least by performing an operation on the interface address to generate the device address from the interface address; and monitor, by the management module, the data communications device based upon the device address.

8. The apparatus of claim 7 wherein: the router comprises a forwarding table and the interface is associated with the forwarding table, and the interface address is characterized by a /30 subnet mask.

9. (canceled)

10. The apparatus of claim 7 wherein the router is part of an autonomous system that is managed by the management module, the data communications device is part of an autonomous system that is not managed by the management module, the router further comprises a management information base that includes information describing devices in the autonomous system that is not managed by the management module; and querying the router for connection data further comprises: retrieving, by the management module from the management information base as part of the connection data, information describing devices in the autonomous system that is not managed by the management module.

11. (canceled)

12. The apparatus of claim 7 further comprises computer program instructions to monitor the data communications device that cause the apparatus to: create, in a network model by the management module, a representation of the data communications device; and monitor, by the management module, the data communications device based on the network model.

13. A computer program product for inferred discovery of a data communications device connected to a router, unreachable by a management module, and characterized by a device address, the computer program product disposed in a non-transitory computer readable medium, the computer program product comprising computer program instructions, which when executed by a computing device, cause the computing device to: query, by the management module, the router for connection data, wherein the connection data comprises an interface address of an interface of the router; generate, by the management module in dependence upon the connection data, the device address at least by performing an operation on the interface address to generate the device address from the interface address; and monitor, by the management module, the data communications device based upon the device address.

14-15. (canceled)

16. The computer program product of claim 13 wherein: the router comprises a forwarding table and the interface is associated with the forwarding table, and the interface address is characterized by a /30 subnet mask.

17. (canceled)

18. The computer program product of claim 13 wherein the router is part of an autonomous system that is managed by the management module, the data communications device is part of an autonomous system that is not managed by the management module, the router further comprises a management information base that includes information describing devices in the autonomous system that is not managed by the management module; and querying the router for connection data further comprises: retrieving, by the management module from the management information base as part of the connection data, information describing devices in the autonomous system that are not managed by the management module.

19. (canceled)

20. The computer program product of claim 13 further comprises computer program instructions to monitor the data communications device that further cause the computing device to: create, in a network model by the management module, a representation of the data communications device; and monitor, by the management module, the data communications device based on the network model.

21. The method of claim 1, wherein the operation performed on the interface address comprises a bit inversion operation, and wherein the operation performed on the interface address comprises inverting the last two bits of the interface address to generate the device address for a /30 subnet.

22. The apparatus of claim 7, wherein the operation performed on the interface address comprises a bit inversion operation, and wherein the operation performed on the interface address comprises inverting the last two bits of the interface address to generate the device address for a /30 subnet.

23. The computer program product of claim 13, wherein the operation performed on the interface address comprises a bit inversion operation, and wherein the operation performed on the interface address comprises inverting the last two bits of the interface address to generate the device address for a /30 subnet.